Hi Team,

By default, the DataPower Gateway uses a self-signed certificate during the handshake for client/user to DataPower connectivity over GUI.

Wanted to know:

1) When/in order to meet what requirements; is the TLS Server Profile required in Web Management Service.
2) If we are using the custom TLS Server profile, does user/client have to make sure of other pre-requisites in order to log in to GUI.

Sunil,

IBM supplies a certificate so one can log into the appliance WEB UI without having to do something like log into the CLI via the serial connection to setup a suitable certificate for such a purpose.  After that, you'd most likely want to use a host certificate suitable for the appliance itself.

However, with that said, the requirements for setting up the TLS server profile for the WEB UI are for security and host resolution purposes.  Generally, it will be a security requirement from your leadership.

To answer your second question, that will depend upon the certificate placed into the server profile.  For example, when using a self-signed certificate, the user/client will likely have to bypass a browser's security warning and install the certificate so it is trusted in subsequent web sessions.   If the certificate is publicly signed, say by DigiCert, then generally your client won't see a security warning.  Another case would be a local CA, something other than a public CA, signed certificate, in which case your client may trust that CA, or may not.

Hi Team,

By default, the DataPower Gateway uses a self-signed certificate during the handshake for client/user to DataPower connectivity over GUI.

Wanted to know:

1) When/in order to meet what requirements; is the TLS Server Profile required in Web Management Service.
2) If we are using the custom TLS Server profile, does user/client have to make sure of other pre-requisites in order to log in to GUI.

Sunil,

IBM supplies a certificate so one can log into the appliance WEB UI without having to do something like log into the CLI via the serial connection to setup a suitable certificate for such a purpose.  After that, you'd most likely want to use a host certificate suitable for the appliance itself.

However, with that said, the requirements for setting up the TLS server profile for the WEB UI are for security and host resolution purposes.  Generally, it will be a security requirement from your leadership.

To answer your second question, that will depend upon the certificate placed into the server profile.  For example, when using a self-signed certificate, the user/client will likely have to bypass a browser's security warning and install the certificate so it is trusted in subsequent web sessions.   If the certificate is publicly signed, say by DigiCert, then generally your client won't see a security warning.  Another case would be a local CA, something other than a public CA, signed certificate, in which case your client may trust that CA, or may not.

Hi Team,

By default, the DataPower Gateway uses a self-signed certificate during the handshake for client/user to DataPower connectivity over GUI.

Wanted to know:

1) When/in order to meet what requirements; is the TLS Server Profile required in Web Management Service.
2) If we are using the custom TLS Server profile, does user/client have to make sure of other pre-requisites in order to log in to GUI.

Hi Joseph,

If we are generating self-signed certs using the crypto tools in datapower, and assign the same to web management service.
Hope there won't be any issues related to user login.

Sunil,

IBM supplies a certificate so one can log into the appliance WEB UI without having to do something like log into the CLI via the serial connection to setup a suitable certificate for such a purpose.  After that, you'd most likely want to use a host certificate suitable for the appliance itself.

However, with that said, the requirements for setting up the TLS server profile for the WEB UI are for security and host resolution purposes.  Generally, it will be a security requirement from your leadership.

To answer your second question, that will depend upon the certificate placed into the server profile.  For example, when using a self-signed certificate, the user/client will likely have to bypass a browser's security warning and install the certificate so it is trusted in subsequent web sessions.   If the certificate is publicly signed, say by DigiCert, then generally your client won't see a security warning.  Another case would be a local CA, something other than a public CA, signed certificate, in which case your client may trust that CA, or may not.

Hi Team,

By default, the DataPower Gateway uses a self-signed certificate during the handshake for client/user to DataPower connectivity over GUI.

Wanted to know:

1) When/in order to meet what requirements; is the TLS Server Profile required in Web Management Service.
2) If we are using the custom TLS Server profile, does user/client have to make sure of other pre-requisites in order to log in to GUI.

Not as long as those logging into the DataPower don't mind accepting the security exception presented by the browser, it should be fine.

Hi Joseph,

If we are generating self-signed certs using the crypto tools in datapower, and assign the same to web management service.
Hope there won't be any issues related to user login.

Sunil,

IBM supplies a certificate so one can log into the appliance WEB UI without having to do something like log into the CLI via the serial connection to setup a suitable certificate for such a purpose.  After that, you'd most likely want to use a host certificate suitable for the appliance itself.

However, with that said, the requirements for setting up the TLS server profile for the WEB UI are for security and host resolution purposes.  Generally, it will be a security requirement from your leadership.

To answer your second question, that will depend upon the certificate placed into the server profile.  For example, when using a self-signed certificate, the user/client will likely have to bypass a browser's security warning and install the certificate so it is trusted in subsequent web sessions.   If the certificate is publicly signed, say by DigiCert, then generally your client won't see a security warning.  Another case would be a local CA, something other than a public CA, signed certificate, in which case your client may trust that CA, or may not.

Hi Team,

By default, the DataPower Gateway uses a self-signed certificate during the handshake for client/user to DataPower connectivity over GUI.

Wanted to know:

1) When/in order to meet what requirements; is the TLS Server Profile required in Web Management Service.
2) If we are using the custom TLS Server profile, does user/client have to make sure of other pre-requisites in order to log in to GUI.